Automated encryption (SSL/TLS)
If you have activated the firewall on your service ensure port 80 is open or else certificate creation/renewal will fail
From the service dashboard, click on "Security"Custom tab,Domain Names" in the overview tab then click on "Manage SSL Domains"
From there you can manage allowed domains for SSL. If you want to add a new domain, justejust type it and press enter to add it to the list of authorized domains. You will also need to create a DNS entry to point your domain to the IP address of your service.
You can either create aan A record or CNAME record to point to your service. CNAME is preferedpreferred as it won't change even if your IP change (eg: this can happen if your clone/migratemigrates your service to another provider.
Once added, you can verify if your DNS entry is propagated with a tool like https://dnschecker.org/
Once propagated SSL should work instantly on your service. CertificateThe certificate will be automatically generated and renewed.
Cloudflare users
If you are using cloudflare,Cloudflare, you should not enable reverse proxy (orange cloud) on your DNS entriesentries, or else it will prevent the SSL certificate creation/renewal process from Elestio with Letsencrypt.
If you still want to use cloudflareCloudflare with orange cloud, you should do this to disable elestio SSL for your custom domain:
1) Connect to the VM with SSH and type this:
nano /opt/elestio/nginx/.env
there remove your domain from the first line and save with CTRL+X
then type this command:
cd /opt/elestio/nginx;
docker-compose down;
docker-compose up -d;
after that nginx won't try again to obtain an SSL certificate for your domain and your site will use only the SSL from cloudflare.Cloudflare.
Troubleshooting SSL not generated
You can display the nginx log with this command in a terminal:
cd /opt/elestio/nginx;
docker-compose logs -f;
press ctrl+c to stop displaying the live logs
Reset SSL_DATA folder
In some cases, the /opt/elestio/nginx/ssl_data folder can become corrupted, if this happens, connect to a terminal and try this:
cd /opt/elestio/nginx/;
docker-compose down;
mv ./ssl_data/ ./ssl_data_old/;
mkdir ./ssl_data/;
chmod 777 ./ssl_data/;
docker-compose up -d
Once executed just open your custom website url again and your certificate should be generated and your site served over SSL/TLS.